0

A basic and thorough understanding of prepared statement and it's implementation using OOP and Msqli.

For the past last week I have been trying to understand how prepared statements work but no luck so if anyone can explain the basic for me or share a link that do so you would truly make me happy thanks.

30th Jul 2017, 10:37 AM
ibrahim danjuma
ibrahim danjuma - avatar
2 Answers
0
Prepared statements makes only difference if you use wildcard "?" for values (Ex. SELECT id FROM user WHERE username=? AND password=?) If it is not prepared statement, the data is simply inserted before any processing of the query (thus the code is volunerable to SQL injections. Prepared statements first parses the SQL command and after that uses the values to execute it (so values never get in contact with statement itself)
16th Aug 2017, 12:22 AM
Michal PĂĄcal
Michal PĂĄcal - avatar
0
You mean even when I use a variable as a placeholder it doesn't make a difference @michal pascal??
16th Aug 2017, 8:11 AM
ibrahim danjuma
ibrahim danjuma - avatar